Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/interezante456-pixel/nuevo-proyecto-viernes/llms.txt

Use this file to discover all available pages before exploring further.

The Usuario entity represents a staff member who can authenticate and operate within Tienda Mi Cholo. Each user is assigned exactly one Rol — Administrador, Gerente, or Cajero — which drives view-level and action-level authorization throughout the MVC application. The Estado flag provides a non-destructive way to revoke access without deleting the account or its associated audit trail. Both Usuario and Rol are persisted through AppDbContext (Usuarios and Roles DbSets) and their relationship is configured via Fluent API in OnModelCreating. A default administrator account and all three roles are seeded on first migration.

Usuario Properties

ID_Usuario
int
required
Primary key. Auto-generated by the database using DatabaseGeneratedOption.Identity. Annotated with [Key, DatabaseGenerated(DatabaseGeneratedOption.Identity)]. ID 1 is reserved for the seeded administrator account.
NomCompleto
string
required
The user’s full display name shown throughout the back-office UI and on printed receipts. Annotated with [Required, StringLength(50)] — must be non-null and no longer than 50 characters.
NomUsuario
string
required
The user’s username / handle. Annotated with [Required, StringLength(50)] — maximum 50 characters. Stored as a claim (ClaimTypes.Name) in the authentication cookie upon successful login. Used for display purposes in the navigation bar.
CorreoUsuario
string
required
The email address used as the login credential on the sign-in form. Annotated with [Required, StringLength(50)] — maximum 50 characters. Must be unique across all active users; the controller performs a duplicate-check before creating or updating a record.
Contraseña
string
required
The user’s password. Annotated with [Required, StringLength(100)] — maximum 100 characters. Currently stored as plain text. See the Security Warning section below.
Estado
bool
required
Account active/inactive flag. Annotated with [Required].
  • true — the account is active; the user can log in and access the application.
  • false — the account is disabled; login attempts are rejected even with the correct credentials, without exposing any error details to the user.
Prefer setting Estado = false over deleting a user account to preserve the integrity of Venta.Usuario_ID references in historical sales data.
Rol_ID
int
required
Foreign key to Rol.ID_Rol. Configured via Fluent API in AppDbContext.OnModelCreating:
modelBuilder.Entity<Usuario>()
    .HasOne(u => u.Rol)
    .WithMany(r => r.Usuarios)
    .HasForeignKey(u => u.Rol_ID);
Valid values are 1 (Administrador), 2 (Gerente), or 3 (Cajero).
Rol
Rol
required
Navigation property to the associated Rol. Non-nullable — every Usuario must have a role. Requires .Include(u => u.Rol) to load eagerly. The Rol.NomRol string is stored as a claim (ClaimTypes.Role) in the authentication cookie on login.

Usuario — C# Source

using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;

namespace Final_proyecto.Models
{
    public class Usuario
    {
        [Key, DatabaseGenerated(DatabaseGeneratedOption.Identity)]
        public int ID_Usuario { get; set; }
        [Required, StringLength(50)]
        public string NomCompleto { get; set; }
        [Required, StringLength(50)]
        public string NomUsuario { get; set; }
        [Required, StringLength(50)]
        public string CorreoUsuario { get; set; }
        [Required, StringLength(100)]
        public string Contraseña { get; set; }
        [Required]
        public bool Estado { get; set; }
        public int Rol_ID { get; set; }
        public Rol Rol { get; set; }
    }
}

Rol Properties

ID_Rol
int
required
Primary key. Auto-generated by the database using DatabaseGeneratedOption.Identity. Annotated with [Key, DatabaseGenerated(DatabaseGeneratedOption.Identity)]. IDs 1–3 are reserved for the three seeded roles.
NomRol
string
required
The human-readable role name. Annotated with [Required, StringLength(50)] — maximum 50 characters. This value is written into ClaimTypes.Role when the user authenticates, and is therefore used directly in [Authorize(Roles = "...")] decorators across the controllers.
Usuarios
ICollection<Usuario>
required
Inverse navigation collection of all Usuario records assigned to this role. Non-nullable collection (though it may be empty). Requires .Include(r => r.Usuarios) to load eagerly.

Rol — C# Source

using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;

namespace Final_proyecto.Models
{
    public class Rol
    {
        [Key, DatabaseGenerated(DatabaseGeneratedOption.Identity)]
        public int ID_Rol { get; set; }
        [Required, StringLength(50)]
        public string NomRol { get; set; }
        public ICollection<Usuario> Usuarios { get; set; }
    }
}

Security Warning

Passwords are stored as plain text. The current implementation compares CorreoUsuario and Contraseña directly against the database values during login — no hashing, salting, or stretching is applied. The seeded administrator password is admin123.Before deploying to any internet-accessible environment, you must replace this with a proper password hashing scheme. The recommended approach for ASP.NET Core is Microsoft.AspNetCore.Identity.PasswordHasher<T> (PBKDF2-HMAC-SHA256) or a third-party library such as BCrypt.Net-Next. All existing plain-text passwords will need to be migrated as part of that change.

Seeded Roles

Three roles are created by AppDbContext.OnModelCreating via HasData and are always present after the initial migration:
ID_RolNomRolTypical Permissions
1AdministradorFull access — user management, role assignment, reports, product/category CRUD.
2GerenteInventory management, reports, product/category CRUD; cannot manage user accounts.
3CajeroPOS sales entry and receipt printing only; read-only access to product catalogue.
The seeded administrator account (ID_Usuario = 1, NomUsuario = "admin", CorreoUsuario = "admin@micholo.com") is assigned Rol_ID = 1 (Administrador). Change its password immediately after the first successful migration in any non-development environment.
To disable a staff member’s access without losing their sales history, set Usuario.Estado = false rather than deleting the row. The Venta.Usuario_ID integer column references the user who processed each sale, but it is not a formal EF Core navigation property — so there is no cascade-delete risk, but a deleted user row could still cause orphaned references in reporting queries.

Build docs developers (and LLMs) love